author | slene <vslene@gmail.com> | 2014-03-23 01:44:02 +0800 |
---|---|---|
committer | slene <vslene@gmail.com> | 2014-03-23 01:44:02 +0800 |
commit | 076fc98d981aea3533eea363ca1c7e43f77b9802 (patch) | |
tree | 596d754de0d53a7e0794dcd61122ddb85298a0e1 /templates/user | |
parent | 01e781dedb3c6d48349516de0eee5cea41c077e1 (diff) | |
download | gitea-076fc98d981aea3533eea363ca1c7e43f77b9802.tar.gz gitea-076fc98d981aea3533eea363ca1c7e43f77b9802.zip |
add csrf check
Diffstat (limited to 'templates/user')
-rw-r--r-- | templates/user/active.tmpl | 3 | ||||
-rw-r--r-- | templates/user/delete.tmpl | 1 | ||||
-rw-r--r-- | templates/user/password.tmpl | 4 | ||||
-rw-r--r-- | templates/user/publickey.tmpl | 1 | ||||
-rw-r--r-- | templates/user/setting.tmpl | 1 | ||||
-rw-r--r-- | templates/user/signin.tmpl | 1 | ||||
-rw-r--r-- | templates/user/signup.tmpl | 1 |
7 files changed, 10 insertions, 2 deletions
diff --git a/templates/user/active.tmpl b/templates/user/active.tmpl
index 47c87a591c..0df116cb40 100644
--- a/templates/user/active.tmpl
+++ b/templates/user/active.tmpl
@@ -1,7 +1,8 @@
 {{template "base/head" .}}
 {{template "base/navbar" .}}
 <div id="gogs-body" class="container">
- <form action="/user/activate" method="get" class="form-horizontal gogs-card" id="gogs-login-card">
+ <form action="/user/activate" method="post" class="form-horizontal gogs-card" id="gogs-login-card">
+ {{.CsrfTokenHtml}}
 <h3>Activate Your Account</h3>
 {{if .IsActivatePage}}
 {{if .ServiceNotEnabled}}
diff --git a/templates/user/delete.tmpl b/templates/user/delete.tmpl
index 397ea8cc09..46376672d4 100644
--- a/templates/user/delete.tmpl
+++ b/templates/user/delete.tmpl
@@ -22,6 +22,7 @@
 <div class="modal fade" id="delete-account-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
 <div class="modal-dialog">
 <form action="/user/delete" method="post" class="modal-content" id="gogs-user-delete">
+ {{.CsrfTokenHtml}}
 <div class="modal-header">
 <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
 <h4 class="modal-title" id="myModalLabel">Delete Account</h4>
diff --git a/templates/user/password.tmpl b/templates/user/password.tmpl
index 2ee178a3fc..936ec4b124 100644
--- a/templates/user/password.tmpl
+++ b/templates/user/password.tmpl
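Review bot: The switch from `method="get"` to `method="post"` on the `/user/activate` form in active.tmpl needs a matching POST route and handler, and neither is visible here because the diffstat is limited to templates/user. If the same path is also opened from an e-mailed activation link, that request will still arrive as GET and without a token, so it is worth confirming which of the two methods the handler treats as state-changing. The form body continues past the end of the hunk.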
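Review bot: `{{.CsrfTokenHtml}}` is pasted by hand into each form with nothing that says why it is there, here in delete.tmpl and likewise in active.tmpl, password.tmpl, publickey.tmpl, setting.tmpl, signin.tmpl and signup.tmpl. Rendering the field protects nothing unless the handler behind each `action` rejects a POST whose token is missing or wrong, and that code is outside this diff; `/user/delete` and `/user/setting/ssh/` are the routes where a missed check costs the most. I would add a template comment beside the field, for example `{{/* CSRF token field; the POST handler must reject requests without a valid token */}}`, and check that forms outside templates/user received the same line.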
@@ -5,7 +5,9 @@
 <div id="gogs-user-setting-container" class="col-md-9">
 <div id="gogs-setting-pwd">
 <h4>Password</h4>
- <form class="form-horizontal" id="gogs-password-form" method="post" action="/user/setting/password">{{if .IsSuccess}}
+ <form class="form-horizontal" id="gogs-password-form" method="post" action="/user/setting/password">
+ {{.CsrfTokenHtml}}
+ {{if .IsSuccess}}
 <p class="alert alert-success">Password is changed successfully. You can now sign in via new password.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
 <div class="form-group">
 <label class="col-md-3 control-label">Old Password<strong class="text-danger">*</strong></label>
diff --git a/templates/user/publickey.tmpl b/templates/user/publickey.tmpl
index 72467659be..e645e1a84b 100644
--- a/templates/user/publickey.tmpl
+++ b/templates/user/publickey.tmpl
@@ -22,6 +22,7 @@
 <div class="modal fade" id="ssh-add-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
 <div class="modal-dialog">
 <form class="modal-content form-horizontal" id="gogs-ssh-form" method="post" action="/user/setting/ssh/">
+ {{.CsrfTokenHtml}}
 <div class="modal-header">
 <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
 <h4 class="modal-title" id="myModalLabel">Add SSH Key</h4>
diff --git a/templates/user/setting.tmpl b/templates/user/setting.tmpl
index 222ddd895b..30c9529b12 100644
--- a/templates/user/setting.tmpl
+++ b/templates/user/setting.tmpl
@@ -6,6 +6,7 @@
 <div id="gogs-setting-pwd">
 <h4>Account Profile</h4>
 <form class="form-horizontal" id="gogs-password-form" method="post" action="/user/setting">
+ {{.CsrfTokenHtml}}
 {{if .IsSuccess}}<p class="alert alert-success">Your profile has been successfully updated.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
 <p>Your Email will be public and used for Account related notifications and any web based operations made via the web.</p>
 <div class="form-group">
diff --git a/templates/user/signin.tmpl b/templates/user/signin.tmpl
index a49bf11405..8dc7292ff8 100644
--- a/templates/user/signin.tmpl
+++ b/templates/user/signin.tmpl
@@ -2,6 +2,7 @@
 {{template "base/navbar" .}}
 <div class="container" id="gogs-body" data-page="user-signin">
 <form action="/user/login" method="post" class="form-horizontal gogs-card" id="gogs-login-card">
+ {{.CsrfTokenHtml}}
 <h3>Log in</h3>
 <div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
 <div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}">
diff --git a/templates/user/signup.tmpl b/templates/user/signup.tmpl
index 069d34a5b2..fbfc4cadcc 100644
--- a/templates/user/signup.tmpl
+++ b/templates/user/signup.tmpl
@@ -2,6 +2,7 @@
 {{template "base/navbar" .}}
 <div class="container" id="gogs-body" data-page="user-signup">
 <form action="/user/sign_up" method="post" class="form-horizontal gogs-card" id="gogs-login-card">
+ {{.CsrfTokenHtml}}
 {{if .DisenableRegisteration}}
 Sorry, registeration has been disenabled, you can only get account from administrator.
 {{else}} |
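Review bot: The token added to the `/user/login` form in signin.tmpl is handed to a visitor who is not yet authenticated, and nothing in this hunk shows what the value is bound to (presumably a pre-login session or cookie). It is worth confirming that the token, and whatever session it hangs on, is regenerated once sign-in succeeds, so that a value set before authentication is not still accepted afterwards. The same question applies to the `/user/sign_up` form in signup.tmpl.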